5.3 How Oracle Data Redaction Affects the SYS, SYSTEM, and Default Schemas

Both users SYS and SYSTEM automatically have the EXEMPT REDACTION POLICY privilege.

SYSTEM has the EXP_FULL_DATABASE role, which includes the EXEMPT REDACTION POLICY privilege.

This means that the SYS and SYSTEM users can always bypass any existing Oracle Data Redaction policies, and will always be able to view data from tables (or views) that have Data Redaction policies defined on them.

An Oracle Data Redaction policy cannot be applied to an object owned by SYS.

Follow these guidelines:

  • Do not create Data Redaction policies on the default Oracle Database schemas, including the SYS and SYSTEM schemas.

  • Be aware that granting the EXEMPT REDACTION POLICY privilege to additional roles may enable users to bypass Oracle Data Redaction, because the grantee role may have been granted to additional roles.

  • Do not revoke the EXEMPT REDACTION POLICY privilege from the roles that it was granted to by default.
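The following query is an added example, not part of the Oracle documentation. It lists every user and role that holds the EXEMPT REDACTION POLICY privilege, whether granted directly or inherited through nested role grants, so that the effect of the guidelines above can be reviewed. It assumes a session that can read the DBA_SYS_PRIVS, DBA_ROLE_PRIVS, DBA_USERS, and DBA_ROLES views, and a release in which DBA_USERS and DBA_ROLES have the ORACLE_MAINTAINED column (Oracle Database 12c or later).

```sql
-- Added audit example (not Oracle's own code).
-- Assumption: ORACLE_MAINTAINED exists in DBA_USERS and DBA_ROLES (12c or later).
WITH exempt_grantees (grantee, grant_path, depth) AS (
  -- Anchor: users and roles granted the system privilege directly.
  SELECT sp.grantee,
         CAST(sp.grantee AS VARCHAR2(4000)),
         0
  FROM   dba_sys_privs sp
  WHERE  sp.privilege = 'EXEMPT REDACTION POLICY'
  UNION ALL
  -- Recursive step: any user or role that was granted a role
  -- already known to carry the privilege inherits it.
  SELECT rp.grantee,
         eg.grant_path || ' -> ' || rp.grantee,
         eg.depth + 1
  FROM   exempt_grantees eg
  JOIN   dba_role_privs rp
         ON rp.granted_role = eg.grantee
)
SELECT eg.grantee,
       CASE WHEN u.username IS NOT NULL THEN 'USER' ELSE 'ROLE' END
         AS grantee_type,
       -- 'Y' marks accounts and roles created by Oracle-supplied scripts;
       -- 'N' marks grantees added at this site, which deserve review.
       COALESCE(u.oracle_maintained, r.oracle_maintained)
         AS oracle_maintained,
       eg.depth,
       -- Reads left to right: direct holder, then each role or user
       -- it was granted to, ending at this row's grantee.
       eg.grant_path
FROM   exempt_grantees eg
LEFT JOIN dba_users u ON u.username = eg.grantee
LEFT JOIN dba_roles r ON r.role     = eg.grantee
ORDER  BY oracle_maintained, eg.depth, eg.grantee;
```

Rows with a depth greater than 0 are grantees that bypass redaction only because of role nesting, which is the case the second guideline describes.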